diff --git a/build-package.sh b/build-package.sh
index 53628e7d0050ac4..bced25aa99894ba 100755
--- a/build-package.sh
+++ b/build-package.sh
@@ -72,6 +72,10 @@ source "$TERMUX_SCRIPTDIR/scripts/build/termux_error_exit.sh"
 # shellcheck source=scripts/build/termux_download.sh
 source "$TERMUX_SCRIPTDIR/scripts/build/termux_download.sh"
 
+# Setup PGP keys for verifying integrity of dependencies.
+# shellcheck source=scripts/build/termux_step_setup_gpg_keys.sh
+source "$TERMUX_SCRIPTDIR/scripts/build/termux_step_setup_gpg_keys.sh"
+
 # Installing packages if necessary for the full operation of CGCT.
 # shellcheck source=scripts/build/termux_step_setup_cgct_environment.sh
 source "$TERMUX_SCRIPTDIR/scripts/build/termux_step_setup_cgct_environment.sh"
@@ -539,21 +543,8 @@ if [ -n "${TERMUX_PACKAGE_LIBRARY-}" ]; then
 esac
 fi
 
-if [ "${TERMUX_INSTALL_DEPS-false}" = "true" ] || [ "${TERMUX_PACKAGE_LIBRARY-bionic}" = "glibc" ]; then
- # Setup PGP keys for verifying integrity of dependencies.
- # Keys are obtained from our keyring package.
- gpg --list-keys 2C7F29AE97891F6419A9E2CDB0076E490B71616B > /dev/null 2>&1 || {
- gpg --import "$TERMUX_SCRIPTDIR/packages/termux-keyring/grimler.gpg"
- gpg --no-tty --command-file <(echo -e "trust\n5\ny") --edit-key 2C7F29AE97891F6419A9E2CDB0076E490B71616B
- }
- gpg --list-keys CC72CF8BA7DBFA0182877D045A897D96E57CF20C > /dev/null 2>&1 || {
- gpg --import "$TERMUX_SCRIPTDIR/packages/termux-keyring/termux-autobuilds.gpg"
- gpg --no-tty --command-file <(echo -e "trust\n5\ny") --edit-key CC72CF8BA7DBFA0182877D045A897D96E57CF20C
- }
- gpg --list-keys 998DE27318E867EA976BA877389CEED64573DFCA > /dev/null 2>&1 || {
- gpg --import "$TERMUX_SCRIPTDIR/packages/termux-keyring/termux-pacman.gpg"
- gpg --no-tty --command-file <(echo -e "trust\n5\ny") --edit-key 998DE27318E867EA976BA877389CEED64573DFCA
- }
+if [ "$TERMUX_REPO_PACKAGE" = "$TERMUX_APP_PACKAGE" ]; then
+ termux_step_setup_gpg_keys
 fi
 
 for ((i=0; i<${#PACKAGE_LIST[@]}; i++)); do
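Review bot: The new guard `[ "$TERMUX_REPO_PACKAGE" = "$TERMUX_APP_PACKAGE" ]` ties key setup to a package-name match instead of to whether anything will be downloaded, and the hunk does not say why. When the names differ no key is imported, yet the termux_step_get_dependencies.sh hunk in this commit can still force `termux_download_repo_file` in the circular-dependency case; whether that path then fails closed on signature verification is not visible in this diff and should be confirmed. When the names match, the keys are imported and marked ultimately trusted in the builder's keyring even for builds that download nothing. If the intent is that only same-name builds may use the official repos, a comment above the `if` should say so, for example `# Repo signing keys only apply when the app package name matches the repo's package name.`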
diff --git a/scripts/build/termux_step_get_dependencies.sh b/scripts/build/termux_step_get_dependencies.sh
index e083f5e0a7d391a..3b88d51a3963ea4 100644
--- a/scripts/build/termux_step_get_dependencies.sh
+++ b/scripts/build/termux_step_get_dependencies.sh
@@ -15,7 +15,7 @@ termux_step_get_dependencies() {
 echo "A circular dependency was found on '$PKG', the old version of the package will be installed to resolve the conflict"
 cyclic_dependence=true
 if [ "$TERMUX_INSTALL_DEPS" = false ]; then
- termux_download_repo_file
+ TERMUX_INSTALL_DEPS=true termux_download_repo_file
 fi
 fi
 
diff --git a/scripts/build/termux_step_setup_gpg_keys.sh b/scripts/build/termux_step_setup_gpg_keys.sh
new file mode 100644
index 000000000000000..06e178d2ccc4c5f
--- /dev/null
+++ b/scripts/build/termux_step_setup_gpg_keys.sh
@@ -0,0 +1,13 @@
+termux_step_setup_gpg_keys() {
+ if [ -z "$TERMUX_REPO_GPG_KEYS" ]; then
+ termux_error_exit "variable TERMUX_REPO_GPG_KEYS is empty, what gpg keys to configure?"
+ fi
+
+ for gpg in $TERMUX_REPO_GPG_KEYS; do
+ local gpg_key=$(gpg --show-keys "$gpg" | sed -n 2p)
+ gpg --list-keys $gpg_key > /dev/null 2>&1 || {
+ gpg --import "$gpg"
+ gpg --no-tty --command-file <(echo -e "trust\n5\ny") --edit-key $gpg_key
+ }
+ done
+}
diff --git a/scripts/properties.sh b/scripts/properties.sh
index 03b87e35fd29694..acfae32d3d6632a 100644
--- a/scripts/properties.sh
+++ b/scripts/properties.sh
@@ -51,6 +51,15 @@ export CGCT_DIR="/data/data/com.termux/cgct"
 # has packages that were built with same package name.
 TERMUX_REPO_PACKAGE="com.termux"
 
+# Paths to gpg key files that will be configured
+# to verify installed files from repos (service).
+# Keys are obtained from our keyring package.
+TERMUX_REPO_GPG_KEYS="
+$TERMUX_SCRIPTDIR/packages/termux-keyring/grimler.gpg
+$TERMUX_SCRIPTDIR/packages/termux-keyring/termux-autobuilds.gpg
+$TERMUX_SCRIPTDIR/packages/termux-keyring/termux-pacman.gpg
+"
+
 # Termux repo urls.
 TERMUX_REPO_URL=()
 TERMUX_REPO_DISTRIBUTION=()
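Review bot: The override `TERMUX_INSTALL_DEPS=true termux_download_repo_file` needs a comment, because it sits directly under the `= false` test and reads like a contradiction. In bash's default (non-POSIX) mode the prefix assignment applies only for the duration of that function call and is visible to everything the function invokes, so the caller's value is restored afterwards. A line such as `# Run termux_download_repo_file as if dependency installation were enabled, for this call only.` would record that. termux_step_get_dependencies starts and ends outside this hunk, so how the downloaded data is later verified cannot be judged from here.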
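Review bot: In the loop of the new termux_step_setup_gpg_keys, an empty `gpg_key` makes `gpg --list-keys $gpg_key` list the whole keyring and succeed, so a key file that gpg cannot read is skipped with neither an import nor an error. The value is taken with `sed -n 2p` from human-readable `--show-keys` output, which is not a stable format, and `local gpg_key=$(...)` discards the pipeline's exit status. The loop variable is also a global named `gpg`, the same name as the command it drives, and `$gpg_key` is expanded unquoted. The fence reads the fingerprint from the `--with-colons` output, stops the build when none is found, and uses local, quoted variables.

```shell
termux_step_setup_gpg_keys() {
	local key_file key_fpr
	# … unchanged: TERMUX_REPO_GPG_KEYS emptiness check …
	for key_file in $TERMUX_REPO_GPG_KEYS; do
		# Machine-readable listing: the first "fpr" record is the primary key's fingerprint.
		key_fpr=$(gpg --show-keys --with-colons "$key_file" | awk -F: '$1 == "fpr" { print $10; exit }')
		if [ -z "$key_fpr" ]; then
			termux_error_exit "could not read a key fingerprint from '$key_file'"
		fi
		gpg --list-keys "$key_fpr" > /dev/null 2>&1 || {
			gpg --import "$key_file"
			gpg --no-tty --command-file <(echo -e "trust\n5\ny") --edit-key "$key_fpr"
		}
	done
```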
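Review bot: `TERMUX_REPO_GPG_KEYS` is now the build's trust anchor, and its comment does not say so. Judging by the new termux_step_setup_gpg_keys.sh in this commit, every file listed here is imported and its key given ultimate ownertrust, whereas the code removed from build-package.sh only ever raised trust on three fixed fingerprints. The comment should state that, for example `# Every key file listed here is imported and marked ultimately trusted; list only keys that sign the configured repos.` The value is also a whitespace-split string, so a `$TERMUX_SCRIPTDIR` containing a space would break the paths. If nothing needs the variable exported, an array like `TERMUX_REPO_URL=()` just below would avoid that.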